CVE-2013-1048 — Apache2 vulnerability

CWE-2645 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 83.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Apache2

Timeline

PublishedMar 6

Latest updateMay 17

Description

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/apache2< apache2 2.2.22-13 (bookworm)

▶Debiandebian/apache2< 2.2.22-13+3

▶NVDdebian/apache22.2.16-6+1

Patches

Patch: security.debian.org ↗Patch: security.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-xvpr-22g7-3fc2: The Debian apache2ctl script in the apache2 package squeeze before 2↗2022-05-17

▶

OSV

CVE-2013-1048: The Debian apache2ctl script in the apache2 package squeeze before 2↗2013-03-06

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2013-03-18

▶

Debian

CVE-2013-1048: apache2 - The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+sque...↗2013

▶